Re: [lmap] Review of draft-ietf-lmap-information-model-17

Juergen Schoenwaelder <j.schoenwaelder@jacobs-university.de> Tue, 14 March 2017 08:53 UTC

Return-Path: <j.schoenwaelder@jacobs-university.de>
X-Original-To: lmap@ietfa.amsl.com
Delivered-To: lmap@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0351C1294C3; Tue, 14 Mar 2017 01:53:11 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.201
X-Spam-Level:
X-Spam-Status: No, score=-4.201 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Ad6yHz-xtaS7; Tue, 14 Mar 2017 01:53:08 -0700 (PDT)
Received: from atlas3.jacobs-university.de (atlas3.jacobs-university.de [212.201.44.18]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1FF96126CD8; Tue, 14 Mar 2017 01:53:08 -0700 (PDT)
Received: from localhost (demetrius5.irc-it.jacobs-university.de [10.70.0.222]) by atlas3.jacobs-university.de (Postfix) with ESMTP id A0EA27D4; Tue, 14 Mar 2017 09:53:06 +0100 (CET)
X-Virus-Scanned: amavisd-new at jacobs-university.de
Received: from atlas3.jacobs-university.de ([10.70.0.205]) by localhost (demetrius5.jacobs-university.de [10.70.0.222]) (amavisd-new, port 10030) with ESMTP id RZtkjCIBmeTl; Tue, 14 Mar 2017 09:53:05 +0100 (CET)
Received: from hermes.jacobs-university.de (hermes.jacobs-university.de [212.201.44.23]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "hermes.jacobs-university.de", Issuer "Jacobs University CA - G01" (verified OK)) by atlas3.jacobs-university.de (Postfix) with ESMTPS; Tue, 14 Mar 2017 09:53:06 +0100 (CET)
Received: from localhost (demetrius3.jacobs-university.de [212.201.44.48]) by hermes.jacobs-university.de (Postfix) with ESMTP id 0DAB92003D; Tue, 14 Mar 2017 09:53:06 +0100 (CET)
X-Virus-Scanned: amavisd-new at jacobs-university.de
Received: from hermes.jacobs-university.de ([212.201.44.23]) by localhost (demetrius3.jacobs-university.de [212.201.44.32]) (amavisd-new, port 10024) with ESMTP id o9pkS3D55_bm; Tue, 14 Mar 2017 09:53:05 +0100 (CET)
Received: from elstar.local (elstar.jacobs.jacobs-university.de [10.50.231.133]) by hermes.jacobs-university.de (Postfix) with ESMTP id 3B0F52003C; Tue, 14 Mar 2017 09:53:05 +0100 (CET)
Received: by elstar.local (Postfix, from userid 501) id B98803EBBBB2; Tue, 14 Mar 2017 09:53:09 +0100 (CET)
Date: Tue, 14 Mar 2017 09:53:09 +0100
From: Juergen Schoenwaelder <j.schoenwaelder@jacobs-university.de>
To: Russ Housley <housley@vigilsec.com>
Message-ID: <20170314085308.GA54939@elstar.local>
Mail-Followup-To: Russ Housley <housley@vigilsec.com>, gen-art@ietf.org, lmap@ietf.org, ietf@ietf.org, draft-ietf-lmap-information-model.all@ietf.org
References: <148814339074.2901.10793232146724828053.idtracker@ietfa.amsl.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <148814339074.2901.10793232146724828053.idtracker@ietfa.amsl.com>
User-Agent: Mutt/1.6.0 (2016-04-01)
Archived-At: <https://mailarchive.ietf.org/arch/msg/lmap/Gwic7_m_CVNYRTBIoQb9p1KItSM>
Cc: gen-art@ietf.org, draft-ietf-lmap-information-model.all@ietf.org, ietf@ietf.org, lmap@ietf.org
Subject: Re: [lmap] Review of draft-ietf-lmap-information-model-17
X-BeenThere: lmap@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
Reply-To: Juergen Schoenwaelder <j.schoenwaelder@jacobs-university.de>
List-Id: Large Scale Measurement of Access network Performance <lmap.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lmap>, <mailto:lmap-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lmap/>
List-Post: <mailto:lmap@ietf.org>
List-Help: <mailto:lmap-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lmap>, <mailto:lmap-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 14 Mar 2017 08:53:11 -0000

Russ,

thanks for your review. See my response to your comments inline.

On Sun, Feb 26, 2017 at 01:09:50PM -0800, Russ Housley wrote:
> Reviewer: Russ Housley
> Review result: Almost Ready
> 
> I am the assigned Gen-ART reviewer for this draft. The General Area
> Review Team (Gen-ART) reviews all IETF documents being processed
> by the IESG for the IETF Chair. Please wait for direction from your
> document shepherd or AD before posting a new version of the draft.
> 
> For more information, please see the FAQ at
> <http://wiki.tools.ietf.org/area/gen/trac/wiki/GenArtfaq>.
> 
> Document: draft-ietf-lmap-information-model-17
> Reviewer: Russ Housley
> Review Date: 2017-02-26
> IETF LC End Date: 2017-03-08
> IESG Telechat date: Unknown
> 
> Summary: Ready
> 
> Major Concerns:
> 
> Section 3.1 says that the pre-configuration information contains
> the certificate of the Controller or the certificate of the CA
> which issued the certificate for the Controller.  Section 3.1.1
> includes ma-preconfig-credentials.  Are these the same?

The information model on purse is somewhat unspecific about what
exactly the security credentials are. The reason is that the
information model maps to two data models today (one in the BBF and
one in the IETF). The IETF data model can be accessed over NETCONF and
RESTCONF. RESTCONF runs over HTTP/TLS while NETCONF by default runs
over SSH. As a consequence, the various credentials needed to support
the different protocols varies.

> Section 6 says that secure communication channels are needed.  This
> means
> that some components of this system (at least the Controller) must
> have
> secret keys or private keys.  I think that Section 6 should talk
> about
> which components of this system have keys and the consequences if the
> keys are not well protected.

There is a fairly large discussion of security issues in RFC 7594
and we point to them in section 6 rather than repeating them here.

   An implementation of this Information Model should support all the
   security and privacy requirements associated with the LMAP Framework
   [RFC7594].

> Minor Concerns:
> 
> The Introduction in RFC 7594 says: "There is a desire to be able
> to coordinate the execution of broadband measurements and the
> collection of measurement results across a large scale set of
> Measurement Agents (MAs)."  The Fact that LMAP is about broadband
> measurements should be stated in the first paragraph of the
> Introduction of this document.

I suggest to add a sentence including a reference to RFC 7536 so
that the 1st paragraph of the Introduction reads:

   A large-scale measurement platform is a collection of components that
   work in a coordinated fashion to perform measurements from a large
   number of vantage points.  A typical use case is the execution of
   broadband measurements [RFC7536].  The main components of a large-
   scale measurement platform are the Measurement Agents (hereafter
   MAs), the Controller(s) and the Collector(s).

> Nits:
> 
> In Section 3, the reason for the 6 categories should probably be
> placed before the list instead of several paragraphs later.

I agree, I have moved the text up (and due to some other comment we
started to call the categories 'aspects'). So the new text reads:

   The information model is divided into six aspects.  Firstly the
   grouping of information facilitates reader understanding.  Secondly,
   the particular groupings chosen are expected to map to different
   protocols or different transmissions within those protocols.

> In 3.1: s/If the MA ID is not provided at this stage then/
>          /If the MA ID is not provided at this stage, then/

fixed

/js

-- 
Juergen Schoenwaelder           Jacobs University Bremen gGmbH
Phone: +49 421 200 3587         Campus Ring 1 | 28759 Bremen | Germany
Fax:   +49 421 200 3103         <http://www.jacobs-university.de/>